Tcpdump
An assortment of capture filters because my brain has other things to remember and "port not 22" never sticks.
This guy has a longer list: https://danielmiessler.com/study/tcpdump/
Note: the "not" goes after the qualifier here ("port not 22"); "not port 22" is valid too and compiles to the same BPF program.
# no lookups (-n: no DNS names, -nn: also no port/protocol names, OMFG I hate the port names) and specify the interface
tcpdump -nni eth0

# src or dst (host matches either direction)
tcpdump -nn host 1.1.1.1
tcpdump -nn src 1.1.1.1 and dst 1.0.0.1

# not port 22
tcpdump port not 22

# you can also use src/dst with ports
tcpdump -nn src port 22

# packet size in bytes, link-layer header included ("less 32" is <= 32, "greater 64" is >= 64)
tcpdump -nn less 32
tcpdump -nn greater 64
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also show the Ethernet header.
-D : Show the list of available interfaces.
-l : Line-buffer stdout, so output appears as you tee it to a file or pipe it to another command.
-q : Quick (quiet) output: print less protocol information, so lines are shorter.
-t : Don't print a timestamp on each line.
-tttt : Print the timestamp as date and time (yyyy-mm-dd hh:mm:ss.frac), the most human-readable form.
-i eth0 : Listen on the eth0 interface.
-vv : Verbose output (more v's gives more output).
-c : Stop after capturing x packets.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less. Old versions defaulted to 68 bytes and truncated payloads; current tcpdump defaults to 262144, so -s0 mostly matters on old builds.
-S : Print absolute TCP sequence numbers instead of relative ones.
-e : Print the link-level (Ethernet) header on each line as well.
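A filter expression with a typo in it is only discovered once tcpdump refuses to start, usually on a box where you are already root and in a hurry. The script below is an added example (not from this page or from tcpdump itself) for checking filters on any machine without root and without a live interface: "tcpdump -d" compiles the filter and prints the resulting BPF program instead of capturing, and "-r" takes the link type from a pcap file, so a 24-byte pcap header with no packets in it is enough. The function names and the temp-file path are this example's own; it needs a tcpdump binary to do the compile step and reports exit status 2 when none is installed.

```shell
#!/bin/sh
# Added example, not from the original page: check a tcpdump capture
# filter without root and without touching a live interface. "tcpdump -d"
# compiles the filter and prints the BPF program instead of capturing,
# and "-r" takes the link type from a pcap file, so a header-only pcap
# (no packet records) is all it needs. Function names and paths are
# this example's own.

# Write a 24-byte pcap global header to $1: magic a1b2c3d4 (little-endian
# byte order), version 2.4, thiszone 0, sigfigs 0, snaplen 65535,
# link type 1 (Ethernet). No packet records follow.
write_empty_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$1"
}

# Print the compiled BPF for filter expression $1.
# Exit status: 0 if the filter compiles, 1 on a syntax error (tcpdump's
# own status), 2 if tcpdump is not installed.
compile_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    _hdr="${TMPDIR:-/tmp}/empty_$$.pcap"
    write_empty_pcap "$_hdr"
    if tcpdump -r "$_hdr" -d "$1"; then _rc=0; else _rc=$?; fi
    rm -f "$_hdr"
    return "$_rc"
}

# Exit 0 if two filter expressions compile to the same BPF program,
# 1 if they differ or either fails to compile, 2 if tcpdump is missing.
# Useful for convincing yourself that "not port 22" and "port not 22"
# really are the same filter.
same_bpf() {
    _a=$(compile_filter "$1") || return $?
    _b=$(compile_filter "$2") || return $?
    [ "$_a" = "$_b" ]
}

# Usage: sh check_filter.sh 'port not 22'
if [ $# -gt 0 ]; then
    compile_filter "$*"
fi
```

Once a filter compiles cleanly here, the same quoted expression can go straight onto the real capture command line, for example tcpdump -nn -i eth0 -s0 -l 'port not 22'.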